Incorrect Comparison in Vyper
Impact
bytestrings can have dirty bytes in them, resulting in the word-for-word comparison to give incorrect results, e.g.
b1: Bytes[32] = b"abcdef"
b1 = slice(b1, 0, 1)
b2: Bytes[32] = b"abcdef"
t: bool = b1 == b2 # incorrectly evaluates to True
even without dirty nonzero bytes, because there is no comparison of the length, two bytestrings can compare to equal if one ends with "\x00".
b1: Bytes[32] = b"abc\0"
b2: Bytes[32] = b"abc"
t: bool = b1 == b2 # incorrectly evaluates to True
Patches
fixed in https://github.com/vyperlang/vyper/commit/2c73f8352635c0a433423a5b94740de1a118e508
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime